http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2347
Summary: X25 dissect checks payload and assumes IP before
heuristics
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: gerhard.nospam@xxxxxxxxx
Depends on: 2090
Gerhard Olsson <gerhard.nospam@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #1532| |review_for_checkin?
Flag| |
Created an attachment (id=1532)
--> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1532)
Changed order of "real" heuristics and data payload check, also 2090
Build Information:
svn is 24582 (svn not installed on build server)
Some custom patches
-----
TShark 0.99.9 (SVN Rev unknown)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 1.2.10, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, with libpcre 5.0, with SMI 0.4.5, without ADNS, without Lua,
without GnuTLS, without Gcrypt, without Kerberos.
Running on SunOS 5.9, with libpcap version 0.9.8.
Built using gcc 3.4.2.
--
dissect_x25_common
If there is no current dissector registered for X25 and there is no hints in
the call packets, X25 tries to look at user data, then try heuristics. See end
of dissect_x25_common
This means that if the call data happens to start with 0x45, IP is assumed as
the data format even if the packet cannot be handled as IP (for instance too
short).
It is better to try the heuristics first as they should have more complete
tests.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.